Review: Symantec Endpoint Protection 12

I have a confession to make: I’m not usually blown away by the antivirus software I review.

Over the years, I have learned to expect certain things from these applications, and I have not been terribly surprised by most versions that have crossed my desk.

Certainly, definitions evolve, and the means of detection improve. But for the most part, antivirus software works its magic by comparing what it sees with a static set of definitions, then taking action when it identifies a match. The interface may become more intuitive, deployment more painless and detection more accurate, but the process itself remains largely unchanged.

But the latest iteration of Symantec Endpoint Protection (v12) was a pleasant surprise. With SEP, Symantec changed direction.

Advantages

Symantec seems to have gone to great lengths to improve overall performance by training the software to avoid scanning files unnecessarily. To achieve this, it has introduced Symantec Insight, technology that uses data collected from more than 175 million opt-in customers to rate the safety of and assign reputations to almost every executable (.exe) file available.

The virus scanner uses this information to decide whether to scan a given file. When a reputation ranks highly, the application will skip it altogether, effectively minimizing scan times and lowering overall system resource utilization.

Additionally, the latest rendition of Symantec Online Network for Advanced Response introduces policy enforcement, which helps block new malicious processes before definitions become available.

This is accomplished by observing a program’s behavior in real time while leveraging its actions against a behavioral profile. If the culmination of several suspicious actions results in a poor rating, the system will proactively stop the process and prevent it from further compromising the machine. Any administrator who has wrung her hands (or pulled his hair out) while waiting for a virus definition update will no doubt appreciate this added layer of malware protection.

Why It Works for IT

The management console is well designed and easy to learn, providing tools and data for the entire organization in a single panel. Administrators who have used previous versions of SEP will find the layout and logic familiar, as it is strikingly similar to that of v11.

Most common tasks can be carried out in much the same way as they always have been, from creating custom policies to deploying to new clients. Any administrator familiar with this product family will have no problem getting up to speed with changes in the new version.

To help, Symantec preconfigures the policy settings of the Small Business Edition of SEP 12. That means administrators can hit the ground running, making customizations as needed.

Last, but far from least, because Insight reduces the files scanned and the duration of scans, SEP 12’s performance is noticeably improved on client systems, resulting in a better overall experience for end users.

Disadvantages

Though the Small Business Edition boasts advances, they come at a price. The product becomes much cheaper when an organization passes the 25-client mark, and customers receive additional discounts for longer subscription terms.